Hi all, Just picking the brains of the community to see if someone has
found a better solution to the problem below: Problem: Receipt of a JSON
log which contains an array of critical information. Like the one
below. { "id": 909999, "cstName": "test1"...
Hi all, Just wanted to check with the community who is using version
7.1.x and what are your views on the new GUI and the impact on internal
process for SOCs and analyst time (Incident to Analysis to Closure).
FortiSIEM Thanks, Sotiris
Hi all, Just checking if someone is aware of a method for debugging SIEM
rules when they trigger. We have been through the testing, replay logs
in a controlled environment and testing variations of the matching
conditions but in production we still s...
Hi all, Does anyone know if it is possible to import a SOAR connector
into a Code Snippet step for utilisation? An example of this would be
the import of "Utilities" step to perform API queries. Thanks, Sotiris
Hi all, We have a deployment of FortiAuthenticator where we use it as
our SAML IDP for all services and platforms, including portal and
various Fortinet products. We are using the self-registration portal of
FortiAuthenticators for user self-registra...
Hi @Bruce7x2 , Please see below: 1) Yes, you can either use tcpdump to
check port 443 (Agent logs) and 514 (Device Logs). Also the information
is stored in the location /opt/phoenix/cache/parser/events 2) Yes the
logs will be transferred to the superv...
Hi @bhinangt , I think the Cluster configuration setting overwrites the
configuration of the Agent. I would suggest opening a TAC ticket for the
team to provide guidance on the matter. What you are describing above is
not the expected behaviour of th...
Hi, You need to uninstall the agent and install it again with the correct
information. Also please note if you have
Admin->Settings->System->Cluster Config for the supervisor then I think
it overwrites the configuration of the agent. This needs to be t...
Hi @bhinangt , Make sure during the installation the Supervisor IP/DNS
is set as the collector IP or DNS name of the collector (if there is
one). If you have the collector set correctly as a proxy then all the
communication needs to flow via the coll...
Hi @MBerube , I spent some time debugging the function to understand
what is going on. So here is what I have learned. The
collectAndSetAttrByJsonArray has the following format:
src=the Array you want to parse
into the function. In the example I gave ...